Lucene search
PRIOn knowledge basePRION:CVE-2024-22236HistoryJan 31, 2024 - 7:15 a.m.
Information disclosure
2024-01-3107:15:00
PRIOn knowledge base
www.prio-n.com
4
spring cloud contract
information disclosure
local vulnerability
unsafe permissions
temporary directory
nvd
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.
References
Related
github
github
Spring Cloud Contract vulnerable to local information disclosure
2024-01-31 09:30:18
veracode
veracode
Information Disclosure
2024-02-01 06:02:23
osv
osv
Spring Cloud Contract vulnerable to local information disclosure
2024-01-31 09:30:18
CVE-2024-22236
2024-01-31 07:15:07
cve
cve
CVE-2024-22236
2024-01-31 07:15:07
nvd
nvd
CVE-2024-22236
2024-01-31 07:15:07
cvelist
cvelist
CVE-2024-22236
2024-01-31 06:54:51